[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 1/9] net: pcnet: check rx/tx descriptor ring length
From: |
Jason Wang |
Subject: |
[Qemu-devel] [PULL 1/9] net: pcnet: check rx/tx descriptor ring length |
Date: |
Wed, 26 Oct 2016 10:24:03 +0800 |
From: Prasad J Pandit <address@hidden>
The AMD PC-Net II emulator has set of control and status(CSR)
registers. Of these, CSR76 and CSR78 hold receive and transmit
descriptor ring length respectively. This ring length could range
from 1 to 65535. Setting ring length to zero leads to an infinite
loop in pcnet_rdra_addr() or pcnet_transmit(). Add check to avoid it.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
---
hw/net/pcnet.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index 198a01f..3078de8 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1429,8 +1429,11 @@ static void pcnet_csr_writew(PCNetState *s, uint32_t
rap, uint32_t new_value)
case 47: /* POLLINT */
case 72:
case 74:
+ break;
case 76: /* RCVRL */
case 78: /* XMTRL */
+ val = (val > 0) ? val : 512;
+ break;
case 112:
if (CSR_STOP(s) || CSR_SPND(s))
break;
--
2.7.4
- [Qemu-devel] [PULL 0/9] Net patches, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 1/9] net: pcnet: check rx/tx descriptor ring length,
Jason Wang <=
- [Qemu-devel] [PULL 2/9] net: pcnet: fix source formatting and indentation, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 3/9] tap-bsd: OpenBSD uses tap(4) now, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 4/9] net: eepro100: fix memory leak in device uninit, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 5/9] net: rocker: set limit to DMA buffer size, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 6/9] e1000e: Don't zero out buffer address in rx descriptor, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 7/9] net: vmxnet: initialise local tx descriptor, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 8/9] net: rtl8139: limit processing of ring descriptors, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 9/9] colo-proxy: fix memory leak, Jason Wang, 2016/10/25